any help you could give me would be greatly appreciated. I have tried
the changes you specify below, and am getting the same errors. I think
I am close, everything seems to work, except for getting the browser
cert into my servlet.
Thank you for all of your help!!
Ramsay Domloge wrote:
"SSL
"SSLVerifyClient require" in httpd.conf
Also, you will have to specify the SSLCACertificate which must have
signed the user cert, and you probably want to specify the
SSLVerifyDepth as "1".
If you need any further help just ask - I am getting quite familiar with
the fun and games of setting up
I have the code that you specified working. The problem is that the
request.getAttribute("javax.servlet.request.X509Certificate") call is
returning null. This leads me to believe that apache is only performing
server authentication. But netscape asks me for the password for the
key informati
Well, the basics are simple:
import java.security.cert.X509Certificate;
.
X509Certificate [] certs = (X509Certificate
[])request.getAttribute("javax.servlet.request.X509Certificate");
Now comes the hard part :-). certs[0] is always the clients certificate.
For the HTTP/1.1 connect
I need to get the user certificate that the user's browser sends to the
server in order to set up a mutually authenticated SSL connection. Will
a non-SSL connector be able to perform this if I run tomcat with apache
2.0.44?
Does anyone have any experience with SSL and tomcat? I am having a
